2017-014-Policy_writing_for_the_masses-master_fingerprints_and_shadowbrokers

1:00:12
 
Share
 
Archive this series
By Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio streamed directly from their servers.

So, I (Bryan) had a bit of a work issue to discuss. It has become one of my myriad jobs at work to write up some policies. In and of itself, it's not particularly fun work, and for whatever reason, this is causing me all kinds of issues. So this week we take a quick look at why I'm having these issues, if they are because I don't get it, or because the method I must follow is flawed.

After that, we add on to last week's show on #2FA and #MFA (http://traffic.libsyn.com/brakeingsecurity/2017-013-Multi-factor_auth_gotchas_with_Matt.mp3) by discussing why scientists are trying to create a 'master fingerprint' capable of opening mobile devices. We talk about FAR and FRR (false acceptance/rejection rates), and why the scientists may actually be able to pull it off.

We discussed Ms. Berlin's trip to the AIDE conference (https://appyide.org/), a two day #DFIR conference held at Marshall University by our good friend Bill Gardner (@oncee on Twitter). She gave a great interactive talk on working through online wargames and CTFs, and we get her update on the conference.

Finally, we did discuss a bit about the #ShadowBroker dump of #NSA tools. We discussed how different people are taking this dump over the #Wikileaks #CIA dump.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-014-Policy_writing_for_the_masses-master_fingerprints_disneyland.mp3

Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2

---------

Jay Beale’s Class “aikido on the command line: hardening and containment”

JULY 22-23 & JULY 24-25 AT BlackHat 2017

https://www.blackhat.com/us-17/training/aikido-on-the-command-line-linux-hardening-and-containment.html

---------

Join our #Slack Channel! Sign up at https://brakesec.signup.team
#RSS: http://www.brakeingsecurity.com/rss
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

--- show notes----

Discuss AIDE with Ms. Berlin

Log-MD.com posted their first video.

Fingerprint Masters (a case against biometrics):

http://www.popsci.com/computer-scientists-are-developing-master-fingerprint-that-could-unlock-your-phone

http://www.digitaltrends.com/cool-tech/master-prints-unlock-phones/

Encrypted comms causing issues for employers: https://iapp.org/news/a/employers-facing-privacy-issues-with-encrypted-messaging-apps/

ShadowBrokers dump

“Worst since Snowden”

https://motherboard.vice.com/en_us/article/the-latest-shadow-brokers-dump-of-alleged-nsa-tools-is-awful-news-for-the-internet

https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/

Making policies, easier said than done

Discuss DefSec chapter on Policies

Difficulty: aligning policies with compliance standards

FedRamp, PCI, etc

Writing a good policy so that it follows the guidelines

http://shop.oreilly.com/product/0636920051671.do -- Defensive Security Handbook

182 episodes available. A new episode about every 7 days averaging 60 mins duration .